Privacy Policy

Effective 7 July 2026. Copal is operated by Bison Ventures Limited. Questions: support@copal.uk.

Who we are (data controller): Copal, a service of Bison Ventures Limited. Contact: support@copal.uk.

This policy covers the hosted Copal service at copal.uk, api.copal.uk and auth.copal.uk. Self-hosted deployments of the open-source components are controlled by whoever operates them, not by us.

What we collect

Why we process it (UK GDPR / EU GDPR)

We do not sell your data, show advertising, send marketing email, or use your vault content to train models or profile you.

Sub-processors

We use Cloudflare (hosting and all storage/compute, plus transactional email) and Stripe (payments and subscriptions). The current list is at copal.uk/subprocessors, and we give notice of changes.

Where your data is stored, and international transfers

Copal runs on Cloudflare's global network, so your data and its derived indexes may be stored and processed outside the UK and EEA. We do not currently offer a UK/EU-only residency option. Where personal data is transferred outside the UK/EEA, we rely on the safeguards in the Cloudflare Data Processing Addendum — the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. Stripe processes billing data under equivalent safeguards. If you require UK/EU residency, contact us before subscribing.

How long we keep it

Your rights

Under UK/EU GDPR you have the right to access, rectify, erase, port, restrict, and object to the processing of your personal data, and to withdraw consent where processing relies on it. You can exercise the two main ones yourself:

For anything else, email support@copal.uk; we respond within one month. You can also complain to your data-protection authority — in the UK, the Information Commissioner's Office (ICO).

Cookies

We use a single essential cookie, the session cookie, required to keep you signed in. We use no analytics or advertising cookies.

Security and encryption posture

In transit: all traffic uses TLS. Credentials at rest: magic-link tokens and API/vault-sync tokens are stored hashed (SHA-256); there are no stored passwords. Each account's vault is isolated by tenant, and internal services talk over private service bindings, not the public internet.

At rest, your note content is stored as plaintext in Cloudflare R2, D1 (the keyword index) and Vectorize (semantic embeddings), protected by Cloudflare's platform-level at-rest encryption. Copal is deliberately not end-to-end encrypted or zero-knowledge: the service must be able to read your note content to provide its core features — semantic search, keyword indexing, and serving your notes to your AI agent. This is a deliberate trade-off for agent-readability and by-meaning search. If you need zero-knowledge storage where the provider cannot read your notes, Obsidian's own end-to-end-encrypted Sync is the better fit for those notes. Client-side-encrypted content (for example Remotely Save's end-to-end encryption) is incompatible with Copal, because encrypted blobs cannot be indexed or read by your agent. An opt-in per-note end-to-end "private" mode, which disables search for those notes, is on our roadmap.

No system is perfectly secure, but we design for least privilege.

Children

Copal is not directed to children under 16 and we do not knowingly collect their data.

Changes to this policy

We'll post changes here and update the effective date. For material changes we'll give notice by email to your account address or a prominent notice on the site.

Contact

support@copal.uk.